NYS Tips Grant Taylor, Version 2.1, 1996/03/21 16:54:51 1. Introduction This document attempts to describe the yp, NIS, and NIS+ support offered in the Red Hat 2.x and 3.x Linux products. This is not a general introduction to NIS or discussion of general Linux and NIS topics. For that, see the NIS HOWTO . This document is maintained by Grant Taylor. Most content is based on his experiences and those of other Red Hat users on the redhat-list mailing list. 2. How do I use the NYS/NIS system that comes with Red Hat? The short answer to most problems in RH 2.x with NIS is for you to upgrade your libc from 5.0.9 to a version less broken wrt NIS. Many people have reported that this fixes things. Read on: 2.1. What is yp? NIS? NIS+? NYS? These questions are answered in the NIS-HOWTO. Read it - it even comes with Red Hat in the ldp RPM and on the CD-ROM. If you install the ldp RPM, you will find the NIS-HOWTO in /usr/doc/HOWTO. The quick answer is that while yp ("Yellow Pages") is the phone book in Britain, NIS is the traditional RPC-based implementation for sharing passwd, group, hosts, services, and other useful things between many machines. NIS+ is a snazzier, and more secure reimplementation of the same idea. NYS is the public domain version of same. 2.2. What is offered? Red Hat ships NYS client code in its libc and plain yp/NIS client programs like ypcat and ypbind. They ship a plain NIS server daemon, since the NYS (aka NIS+) server daemon is not yet ready for prime- time. Their ypserv does not appear to have the tcp_wrapper-style /etc/hosts.allow/deny checking compiled in, but there is a newer contributed version which does (and which probably works better). Their portmapper is the basic BSD-derived portmapper. You may wish to packet-filter it into ``safety'', or install Witesse Vitema's less pathetic portmapper if security is a concern. 2.3. How the heck do I get ypbind to work properly? How do I set up a client workstation? The NYS code in libc does it all. There is no need to run ypbind. You DO need to run domainname (apparently for the benefit of of plain NIS client programs). You must configure which maps are read from where in /etc/nsswitch.conf, and which NIS server and domain you are using in /etc/yp.conf. nsswitch.conf has comments galore, and yp.conf will look like this: domain foo ypserver foo.bar.com Do not put +:::: lines, or attempt to override nis this way in the end of passwd or group unless you have set the nsswitch mode to "compat". Netgroups are not supported under RH <=2.1; adding netgroup entries (like +@foo or -@foo) to passwd, group, or .rhosts can compromise the security of your system. NYS netgroups do work in libc >= 5.2.something; RH 3.x uses such a libc. For this reason, and a host of other NYS problems in libc-5.0.9, you should consider installing libc-5.2.x on your 2.x system, or just upgrading to RH 3.x. 2.4. ypcat and ypmatch don't work! In 2.0 and 2.1, the standard ypcat and ypmatch binaries don't work with the RedHat-supplied libc-5.0.9. You should be able to compile working versions from the NYS source in libc-5.0.9. Better yet, install libc-5.2.x and the regular binaries will reportedly work. Things should be fine in RH 3.x. 2.5. How do I run ypserv? Red Hat ships a plain NIS (aka yp) server. It works just like any other ypserv - modify the makefile in /var/nis to taste, perhaps move the source files into /var/nis/src, or perhaps not, run a make to make the databases, and run ypserv. Further documentation is in /usr/doc/ypserv*/*. RH 3.x users should consider upgrading to the more recent ypserv rpm contributed by Elliot Lee. 2.6. Where's yppasswd and yppasswdd? They don't ship it. There is a contributed rpm of it on ftp.redhat.com, or you can obtain the regular distribution and install it yourself without too much hassle. It is available from the places listed in the NIS HOWTO. You have to modify the pwupdate script that comes with it, even though the README claims it works with the NYS Makefile we ships. They also don't ship a rpcsrv/yppasswd.h, although there is the .x file. The yppasswdd package comes with both so it doesn't matter much. The NYS define should be used, but don't use the -lnsl library since it is built into our libc. 2.7. This information is miserably incomplete! There is already an NIS-HOWTO that describes how to set things up far better than this document does or should. Read it - it comes with Red Hat in the ldp package, or you can find it in the usual places like The LDP Home Page , or if all else fails, from Picante.Com . 3. Copyright Notice This document is Copyright (C) 1996 by Grant Taylor. Redistribution of this document is permitted as long as the content remains completely intact and unchanged. In other words, you may reformat and reprint or redistribute only.